Geneva, Switzerland, 15-16 September 2014
ITU Workshop on “ICT Security Standardization for Developing Countries” (Geneva, Switzerland, 15-16 September 2014). Challenges and Successes in the Zambian ICT Security Sector. Mainza Siamubayi Handongwe, Student Research Fellow, Information and Communications University
Geneva, Switzerland, 15-16 September 2014
Challenges and Successes in the Zambian ICT Security Sector
Mainza Siamubayi Handongwe, Student Research Fellow,
Information and Communications University
Email: [email protected]
ITU Workshop on “ICT Security Standardization for Developing Countries”
(Geneva, Switzerland, 15-16 September 2014)
Introduction
Zambia has made so much progress in the ICT sector
Over the years, we have seen the following major developments;
- Three mobile telecommunication companies
- Online services (e-commerce, e-learning, etc)
- Web hosting
- Internet Service Provision
Introduction cont'
This has led to exposure to several information security risks including;
- Website defacement
- Debit card stealing and cloning
- Financial losses due to debit card cloning
- Phishing
- Internet bundle and mobile credit stealing
- Denial of Service
- Wireless network hacking
Introduction cont'
This, in most cases, has adversely affected socio-economic activities especially where cyber security preparedness is lacking
Challenges
Zambia, like many developing countries, is faced with several challenges in the ICT sector
These include;
- Inadequate policies to curb cyber crime
- Inadequate qualified personnel to fight cyber crime
- Inadequate ICT infrastructure to prevent and investigate cyber crime
- Inadequate sensitization on cyber crime
Inadequate policies to curb cyber crime
- Zambia had no specific legislation to address cyber crime until 2004
- Computer Crime and Misuse Act number 13 of 2004 enacted following defacement of State House website in 1999
- Though it criminalizes some cyber crimes, the act still does not prohibit other major cyber crimes
Inadequate policies to curb cyber crime cont'
Offence | Legislation | Penalty
Unauthorised access | Legislated | Fifty thousand penalty units or 2-5yrs imprisonment or both
Unauthorised modifications | Legislated | Fifty thousand penalty units or up to 3yrs imprisonment or both
Denial of Service | Legislated | Five thousand penalty units or up to 10 yrs imprisonment or both
Unsolicited e-mails (Spam) | Not fully legislated. Crime if causes damage to computer system |
Unauthorised Interception | Legislated | Two thousand penalty units or up to 5yrs imprisonment or both
Inadequate policies to curb cyber crime cont'
Offence | Legislation | Penalty
Pornography | Child pornography legislated, adult access to online pornography without downloading to hard drive not clearly legislated | Not less than 15yrs imprisonment or fine
Manufacture of hardware and software for furthering cybercrime | Not legislated |
Computer-related Fraud | Not specifically legislated |
Computer-related Forgery | Not legislated. |
e-Commerce | Not legislated |
Identity Theft | Not legislated |
Inadequate policies to curb cyber crime cont'
- Act imposes lighter sentences for crimes that would require hefty ones
- The National ICT Policy of 2007 indicates government's commitment to promote safety in electronic frontier (Lupiya, 2009)
Inadequate policies to curb cyber crime cont'
However, the policy does not give mandate to relevant government departments and private sector to combat some cyber crime
Inadequate qualified personnel to fight cyber crime
- 'According to an ICT industry skills survey, there were three hundred (300) people with graduate qualifications in ICTs in 2008' - S. Habeenzu
- Lack of ICT Staff structure (rural areas)
- Most network and systems administrators lack cyber security skills
- This could be attributed to limited number of institutions offering cyber security training
Inadequate qualified personnel to fight cyber crime cont'
- The cost of training and certification is also limiting
- This makes networks/systems that are managed by such personnel vulnerable to attacks
- Investigation of such incidents becomes difficult due to lack of computer forensic skills
ICT Staff Per Institution
Institution | ICT Staff | Cyber Security Skilled
CBU | 40 | 1
UNZA | 25 | 3
NRDC | 2 | 1
ZCA-Monze | 1 | 0
ZCA-Mpika | 0 | 0
ICU | 5 | 3
Nkrumah College | 2 | 0
Rusangu University | 4 | 0
Cooperative College | 2 | 0
Evelyn Hone College | 3 | 0
[Bar chart: ICT staff per institution and those with cyber security skills. Series: ICT Staff, Cyber Security Skilled. Institutions: CBU, UNZA, NRDC, ZCA-Monze, ZCA-Mpika, ICU, Nkrumah College, Rusangu University, Cooperative College, Evelyn Hone College]
Inadequate ICT infrastructure to prevent and investigate cyber crime
- Prevention and investigation of cyber crime requires specialized hardware and software
- These include firewalls, intrusion detection systems, forensic software etc
- These usually call for huge investments
Inadequate ICT infrastructure to prevent and investigate cyber crime cont'
This tends to be the limiting factor for most government and private institutions
Inadequate sensitization on cyber crime
- The fight against cyber crime would be fruitless without involvement of ICT end users
- Information sharing with citizens on cyber crime and counter measures was not done in the past, hence the ‘information gap’
Inadequate sensitization on cyber crime cont'
- The Zambia Information Communication Technology Authority (ZICTA) is currently sensitizing citizens on online child protection
- However, ZICTA's efforts are not adequate considering the huge task to be undertaken
Successes-Govt and Private Sector
- Establishment of the Zambia Information Communication Authority (ZICTA) to regulate ICT in Zambia
- Government has set up the first ever Computer Forensic Laboratory based at the Zambia Police Headquarters
- A number of police officers have been trained in Information Security and Computer Forensics
- The Zambian government has partnered with several local and international organizations (including ITU) in the fight against cyber crime
Conclusions and Recommendations
- Formulate policies that will mandate relevant departments to prevent and investigate cyber crime, and prosecute perpetrators of such crimes
- Invest more in systems that prevent and help investigate cyber crime
- Ensure that private institutions invest in systems that guarantee security to users or clients
- Train and/or recruit more personnel in cyber security
- Establish Computer Incident Response Teams at all levels in govt structures and the private sector
- Sensitize citizens on cyber crime and counter measures, and encourage reporting of cyber crimes
Bibliography
HABEENZU S. (2010), Zambia ICT Sector Performance Review 2009/2010
LUPIYA S. (2009), Cyber Crime and the Law in Zambia